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1 Adding type parameterization to the Java language 
Ole Agesen, Stephen N. Freund, John C. Mitchell 
October 1997 ACM SIGPLAN Notices , Proceedings of the 12th ACM i 
conference on Object-oriented programming, systems, la 
applications OOPSLA '97, Volume 32 Issue 10 
Publisher: ACM Press 

Full text available: ^pdf(2.16 Additional Information: full citation , abst 

MB) citings , index ten 

Although the Java programming language has achieved widespread acce 
that seems sorely missed is the ability to use type parameters (as in Ada . 
templates, and ML polymorphic functions or data types) to allow a genei 
instantiated to one or more specific types. In this paper, we propose para 
and interfaces in which the type parameter may be constrained to either i 
interface or extend a given class. This design allows t ... 



2 Parasitic methods: an implementation of multi-methods for Java 
^ John Boyland, Giuseppe Castagna 

October 1997 ACM SIGPLAN Notices , Proceedings of the 12th ACM I 
conference on Object-oriented programming, systems, la 
applications OOPSLA '97, Volume 32 Issue 10 
Publisher: ACM Press 

Full text available: 1 ipdf(1.87 Additional Information: full citation, abst 
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In an object-oriented programming language, method selection is (usuall 
using the class of the receiver. Some object-oriented languages (such as 1 
methods which comprise several methods selected on the basis of the rur 
the parameters, not just the receiver. Multi-methods permit intuitive and 
of binary methods such as structural equality, set inclusion and matrix m 
name a few. Java as currently d ... 

3 Compatible genericity with run-time types for the Java programming langu 
Robert Cartwright, Guy L. Steele 

October 1998 ACM SIGPLAN Notices , Proceedings of the 13th ACM ! 

conference on Object-oriented programming, systems, la 
applications OOPSLA '98, Volume 33 Issue 10 

Publisher: ACM Press 

Full text available: ^pdf(1.97 Additional Information: full citation , abst 

MB) citings , index ten 

The most serious impediment to writing substantial programs in the Java 
programming language is the lack of a gentricity mechanism for abstract 
methods with respect to type. During the past two years, several researct 
developed Java extensions that support various forms of genericity, but r 
in accommodating general type parameterization (akin to Java arrays) wl 
compatibility with the existing. Java Virtual Machine. In thi ... 

4 Converting Java classes to use generics 
^ Daniel von Dincklage, Amer Diwan 

October 2004 ACM SIGPLAN Notices , Proceedings of the 19th annual 
conference on Object-oriented programming, systems, la 
applications OOPSLA '04, Volume 39 Issue 10 

Publisher: ACM Press 

Full text available: ^ pdf(259.67 Additional Information: full citation , abst 

KB) index terms 

Generics offer significant software engineering benefits since they provi< 
without compromising type safety. Thus generics will be added to the Ja 
next release. While this extension to Java will help programmers when tl 
code, it will not help legacy code unless it is rewritten to use generics. In 
manually modifying existing programs to use generics is complex and a 
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and labor intensive. 
We describe a system ... 

Keywords: generics, parametric polymorphism, type inference 



5 Using Java reflection to automate extension language parsing 
^ Dale Parson 

December 1999 ACM SIGPLAN Notices , Proceedings of the 2nd confe 

specific languages PLAN '99, Volume 35 Issue 1 
Publisher: ACM Press 

Full text available: 1 8pdf(l.03 Additional Information: full citation , abst 

MB) index terms 

An extension language is an interpreted programming language designee 
a domain-specific framework. The addition of domain-specific primitive 
embedded extension language transforms that vanilla extension languag< 
specific language. The LUx WORKS processor simulator and debugger 1 
Tel as its extension language. After an overview of extension language e 
LUx WORKS experience, this paper looks at using Java reflection and ... 

6 A comparative study of language support for generic programming 

& Ronald Garcia, Jaakko Jarvi, Andrew Lumsdaine, Jeremy G. Siek, Jeremia 
October 2003 ACM SIGPLAN Notices , Proceedings of the 18th annual 
conference on Object-oriented programing, systems, Ian£ 
applications OOPSLA '03, Volume 38 Issue 11 
Publisher: ACM Press 

Full text available: 1 8 pdf(237.38 Additional Information: full citation , abst 

KB) citings , index ten 

Many modern programming languages support basic generic programmi 
implement type-safe polymorphic containers. Some languages have mov 
basic support to a broader, more powerful interpretation of generic progr 
extensions have proven valuable in practice. This paper reports on a con 
comparison of generics in six programming languages: C++, Standard M 
Java (with its proposed generics extension), and Generic C. By impleme: 

Keywords: C#, C++, Eiffel, Haskell, Java, generic programming, generi 
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7 Technical correspondence: Parametric polymorphism for Java: is there any 
^ Brian Cabana, Suad Alagic, Jeff Faulkner 

December 2004 ACM SIGPLAN Notices, Volume 39 Issue 12 

Publisher: ACM Press 

Full text available: 1 i pdftl. 60 AJJV 1Tr . ~ „ . . , 

Additional Information: full citation , abst 

In spite of years of research toward a solution for the problem of extendi 
parametric polymorphism (genericity) the officially accepted solution all 
release allows violation of the Java type system and turns a type safe lan 
one. The run-time type information in this release is incorrect which leac 
for the programmers relying on the Java reflective capabilities. We show 
basic reasons for these problems. The firs ... 

Keywords: Java core reflection, Java virtual machine, class files, class o 
loading, parametric polymorphism 



8 A comparison of Ada and Java as a foundation teaching language 
<^ Benjamin M. Brosgol 

September 1998 ACM SIGAda Ada Letters, Volume XVIII Issue 5 
Publisher: ACM Press 

Full text available: Hpdf(1.49 Additional Information: full citation , abst 

MB) terms 

Java has entered the software arena in unprecedented fashion, upstaging 
technologies that are longstanding players in the industry. Almost unhea 
the language and its surrounding technology are attracting increasing att< 
the hardware and software communities but also among lay users and in 
This phenomenon has not escaped the attention of academia, and a grow 
colleges and universities are looking at Java as a candid ... 

9 On type systems for object-oriented database programming languages 
<^ Yuri Leontiev, M. Tamer Ozsu, Duane Szafron 

December 2002 ACM Computing Surveys (CSUR), Volume 34 Issue 4 
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Publisher: ACM Press 

Full text available: ^ pdf(346.87 Additional Information: full citation , abst 

KB) index terms 

The concept of an object-oriented database programming language (OOI 
because it has the potential of combining the advantages of object orient; 
programming to yield a powerful and universal programming language c 
and consistent combination of object orientation and database programm 
straightforward. Since one of the main components of an object-oriented 
language is its type system, one of the first problems that ar ... 

Keywords: OODB, OODBPL, object-oriented database programming la 
checking, typing 



10 Featherweight Java: a minimal core calculus for Java and GJ 
^ Atsushi Igarashi, Benjamin C. Pierce, Philip Wadler 

May 2001 ACM Transactions on Programming Languages and System 
Volume 23 Issue 3 

Publisher: ACM Press 

Full text available: ^ pdf(644.38 Additional Information: full citation , abst 

KB) citings , index ten 

Several recent studies have introduced lightweight versions of Java: redi 
which complex features like threads and reflection are dropped to enable 
about key properties such as type safety. We carry this process a step fur 
almost all features of the full language (including interfaces and even ass 
a small calculus, Featherweight Java, for which rigorous proofs are not o 
easy. Featherweight Java bears a similar rela ... 

Keywords: Compilation, Java, generic classes, language design, langua^ 



11 Featherwieght Java: a minimal core calculus for Java and GJ 
^ Atshushi Igarashi, Benjamin Pierce, Philip Wadler 

October 1999 ACM SIGPLAN Notices , Proceedings of the 14th ACM J 
conference on Object-oriented programming, systems, la 
applications OOPSLA '99, Volume 34 Issue 10 
Publisher: ACM Press 
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Several recent studies have introduced lightweight versions of Java: redi 
which complex features like threads and reflection are dropped to enable 
about key properties such as type safety. We carry this process a step fur 
almost all features of the full language (including interfaces and even ase 
a small calculus, Featherweight Java, for which rigorous proofs are not o 
easy.Featherweight Java bears ... 

Keywords: implementation, language design, theoretical foundations 



12 Principal typings for Java-like languages 
^ Davide Ancona, Elena Zucca 

January 2004 ACM SIGPLAN Notices , Proceedings of the 31st ACM S 
symposium on Principles of programming languages POl 
Issue 1 
Publisher: ACM Press 

Full text available: ^pdfO 70.94 Additional Information: full citation , abst 

KB) citing s, index ten 

The contribution of the paper is twofold. First, we define a general notio: 
equipped with an entailment relation between type environments; this ge 
as a pattern for instantiating type systems able to support separate compi 
checking of Java-like languages, and allows a formal definition of sound 
completeness of inter-checking w.r.t. global compilation. These propertii 
practice since they allow selective recompilation. In p ... 

Keywords: Java-like languages, principal typings, selective recompilatk 



13 A comparison of the concurrency features of Ada 95 and Java 
^ Benjamin M. Brosgol 

November 1998 ACM SIGAda Ada Letters , Proceedings of the 1998 ai 

SIGAda international conference on Ada SIGAda '98, 

Issue 6 

Publisher: ACM Press 
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Keywords: Ada, Java, concurrency, inheritance anomaly, object-oriente 
tasking, threads 



14 Formalizing the safety of Java, the Java virtual machine, and Java card 
^ Pieter H. Hartel, Luc Moreau 

December 2001 ACM Computing Surveys (CSUR), Volume 33 Issue 4 

Publisher: ACM Press 

Full text available: ^ pdf(442.86 Additional Information: full citation , abst 

KB) citings , index ten 

We review the existing literature on Java safety, emphasizing formal app 
impact of Java safety on small footprint devices such as smartcards. The 
although a lot of good work has been done, a more concerted effort is ne 
coherent set of machine-readable formal models of the whole of Java an< 
implementation. This is a formidable task but we believe it is essential tc 
safety, and thence to achieve ITSEC level 6 or Common Crite ... 

Keywords: Common criteria, programming 



15 Jam — designing a Java extension with mixins 
^ Davide Ancona, Giovanni Lagorio, Elena Zucca 

September 2003 ACM Transactions on Programming Languages and S 

(TOPLAS), Volume 25 Issue 5 

Publisher: ACM Press 

Full text available: ^pdffl.33 Additional Information: full citation , abst 

MB) index terms , revr 

In this paper we present Jam, an extension of the Java language supportii 
parametric heir classes. A mixin declaration in Jam is similar to a Java b 
except that it does not extend a fixed parent class, but simply specifies tr. 
methods a generic parent should provide. In this way, the same mixin ca: 
many parent classes, producing different heirs, thus avoiding code duplk 
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improving modularity and ... 
Keywords: Java, language design 



16 Language and Implementation: Safe instantiation in generic Java 
Eric E. Allen, Robert Cartwright 

June 2004 Proceedings of the 3rd international symposium on Principli 

programming in Java PPPJ '04 
Publisher: Trinity College Dublin 

Full text available:* ^ pdf(366.32 XJJ . A . 1T r n « •* x- i , 

Additional Information: full citation , abst 

This paper presents the "Safe-Instantiation Principle," a new design prin< 
extensions of Java with support for generic types. We discuss the GJ and 
formulations of Generic Java and the implications of safe instantiation oi 
We then consider the implications of safe-instantiation for the addition o 
generic types. Finally, we defend the formulation of mixins as hygienic { 
arguing that a hygienic formulation is ... 



17 Alias annotations for program understandin g 

^ Jonathan Aldrich, Valentin Kostadinov, Craig Chambers 

November 2002 ACM SIGPLAN Notices , Proceedings of the 17th ACH 

conference on Object-oriented programming, systems, 
applications OOPSLA '02, Volume 37 Issue 11 
Publisher: ACM Press 

Full text available: 1 8 pdf(336. 14 Additional Information: full citation , abst 

KB) citings , index ten 

One of the primary challenges in building and evolving large object-orie 
understanding aliasing between objects. Unexpected aliasing can lead to 
mistaken assumptions, security holes, and surprising side effects, all of v 
software defects and complicate software evolution. This paper presents , 
capability-based alias annotation system for Java that makes alias patten 
source code, enabling developers to reason more effec ... 

Keywords: aliasing, aliasjava, encapsulation, java, ownership types, typ- 
uniqueness 
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18 A first-class approach to genericity 

Eric Allen, Jonathan Bannet, Robert Cartwright 

October 2003 ACM SIGPLAN Notices , Proceedings of the 18th annual 
conference on Object-oriented programing, systems, lang 
applications OOPSLA '03, Volume 38 Issue 11 

Publisher: ACM Press 

Full text available: ^ pdf(3 57.33 Additional Information: full citation , abst 

KB) citings , index ten 

This paper describes how to add first-class generic types — including mh 
typed 00 languages with nominal subtyping such as Java and C#. A get] 
"first-class" if generic types can appear in any context where convention 
In this context, a mixin is simply a generic class that extends one of its t\ 
a class C<T> that extends T. Although mixins of this form are widely us 
templates), they are clumsy an ... 

19 Javari: adding reference immutability to Java 
^ Matthew S. Tschantz, Michael D. Ernst 

October 2005 ACM SIGPLAN Notices , Proceedings of the 20th annual 
conference on Object oriented programming, systems, lai 
applications OOPSLA '05, Volume 40 Issue 10 

Publisher: ACM Press 

Full text available: 1pdf(345.67 Additional Information: full citation , abst 

KB) index terms 

This paper describes a type system that is capable of expressing and enfc 
constraints. The specific constraint expressed is that the abstract state of 
an immutable reference refers cannot be modified using that reference. 1 
(part of) the transitively reachable state: that is, the state of the object an< 
from it by following references. The type system permits explicitly exch 
abstract state of an ob ... 

Keywords: Java, Javari, assignable, immutability, mutable, readonly, ty] 
verification 
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Making the future safe for the past: adding genericity to the Java programn 
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^ Gilad Bracha, Martin Odersky, David Stoutamire, Philip Wadler 

October 1998 ACM SIGPLAN Notices , Proceedings of the 13th ACM I 
conference on Object-oriented programming, systems, la 
applications OOPSLA '98, Volume 33 Issue 10 
Publisher: ACM Press 

Full text available: * Bpdfn.91 Additional Information: full citation , abst 

MB) citings , index ten 

We present GJ, a design that extends the Java programming language wi 
methods. These are both explained and implemented by translation into 1 
language. The translation closely mimics the way generics are emulated 
erases all type parameters, maps type variables to their bounds, and insei 
needed. Some subtleties of the translation are caused by the handling of ■ 
increases expressiveness and safety: code utilizing generic ... 
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1 Extended abstracts: Studying and using failure data from large-scale intern 
^ David Oppenheimer, David A. Patterson 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 



Large-scale Internet services are the newest and arguably the most comn 
class of systems requiring 24x7 availability. As a result, very little inforr 
published about their causes of failure. In an attempt to address this defi( 
analyzed detailed failure reports from three large-scale Internet services, 
identify the major factors contributing to user-visible failures, (2) evalua 
effectiveness of various techniques ... 

2 Extended abstracts: Towards trusted systems from the ground up 
^ Vivek Haldar, Michael Franz 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 
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Operating systems, the most fundamental software layer in virtually evei 
are notoriously insecure and unreliable. A possible reason for this situati 
on language-based safety and security mechanisms has largely been ignc 
of operating systems. There is a lack of mechanical checking of safety pi 
compile- and run-time) as well as a framework and a mechanism for exp 
transporting and enforcing such properties ... 



3 Extended abstracts: Timing fault detection for safety-critical real-time emb 
^ Sebastien Faucou, Anne-Marie Dplanche, Yvon Trinquet 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: ^ pdfO 14.10 . , . . 1T r A „ u . 

Additional Information: full citation , abst 

On the one hand, a major aspect of dependability for real-time embedde( 
respect of timing requirements. On the other hand, the complexity of mo 
embedded system implies the need for new design process focusing on h 
such as architecture-based design. In this paper, we show how to integra 
detection technique in such a design process. Our approach is based upoi 
(Architecture Description Language). This language allows to d ... 



4 Extended abstracts: THINK: a secure distributed systems architecture 
^ Christophe Rippert, Jean-Bernard Stefani 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: 1 pdf(64.00 ...... 1T . fl „ . . u + 

Additional Information: full citation , abst 

In this paper, we present THINK, our distributed systems architecture, ai 
have conducted to provide the system programmer with an architecture 1 
efficient and secure operating systems. By specifying and implementing 
that can be used by the system programmer to implement a chosen secur 
that flexibility can be guaranteed in an operating system without compro 
Our work focuses on protection against denial of serv ... 
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Extended abstracts: Secure coprocessor-based intrusion detection 
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^ Xiaolan Zhang, Leendert van Doom, Trent Jaeger, Ronald Perez, Reiner S; 
July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: ^ pdf(65. 31 AJJ . 4 . t T r - „ . A x . , 

Additional Information: full citation , abst 

The goal of an intrusion detection system (IDS) is to recognize attacks si 
exploitation can be prevented. Since computer systems are complex, thei 
places where detection is possible. For example, analysis of network traf 
attack in progress [1 1], a compromised daemon may be detected by its a 
[14, 12, 5, 10, 15], and subsequent attacks may be prevented by the dete< 
and stepping stones [16, 17]. 

6 Extended abstracts: Replica management should be a game 
Dennis Geels, John Kubiatowicz 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: ^ pdf(96.66 ...... 1T „ , „ . . 

j^g^ Additional Information: full citation , abst 

We believe that large-scale replica management solutions should be bast 
model. In this paper, we discuss the benefits provided by an economic aj 
important directions for future research. 

7 Extended abstracts: Pangaea: a symbiotic wide-area file system 
^ Yasushi Saito, Christos Karamanolis 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: %dff3I7JL2 

j^Iq Additional Information: full citation , abst 

Pangaea is a planetary-scale file system designed for large, multi-natiom 
groups of collaborating users spread over the world. Its goal is to handle 
storage needs — e.g., document sharing, software development, and data 
be write intensive. Pangaea uses pervasive replication to achieve low ac< 
high availability. It creates replicas dynamically whenever and wherever 
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builds a random graph of replicas for each ... 

8 Extended abstracts: Operating system support for massive replication 
^ Arun Venkataramani, Ravi Kokku, Mike Dahlin 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: ^ pdf(293.50 , . .... 1T - * « 

j^g - ^ Additional Information: full citation , abst 

The increasing number of devices used by each user to access data and s 
increasing importance of the data and services available electronically b( 
anywhere" network-delivered services. Unfortunately, making such serv 
is difficult. For example, even though end servers or service hosting site: 
availability of "four nines" (99.99%) or "five nines" (99.999%), the end- 
availability (as perceived by clients) istypically lim ... 

9 Extended abstracts: OASIS project: deterministic real-time for safety critic 
^ systems 

Stephane Louise, Vincent David, Jean Delcoigne, Christophe Aussagues 
July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: B pdf(77.28 ...... 1T , + . A .. . . 

Additional Information: full citation , abst 

Safety critical systems is a growing industrial concern. It is a particular s 
interest for embedded or I&C systems, in nuclear power plant or aircraft 
automotive industry is to use more and more microcontrollers or micropi 
software in the near future[Bre01], concerns about safety of these systen 
mainstream. At the system level, because of intrinsic complexity, it is di: 
high dependability. Typical applications should ... 

10 Extended abstracts: Model checking system software with CMC 
^ Madanlal Musuvathi, Andy Chou, David L. Dill, Dawson Engler 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 
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Complex systems have errors that involve mishandled corner cases in ini 
events. Conventional testing techniques usually miss these errors. In rec( 
verification techniques such as [5] have gained popularity in checking a 
possible behaviors of a system. However, such techniques involve gener 
model of the system. Such an abstraction process is unreliable, difficult i 
implementation errors. CMC is a framework for mode ... 



11 Extended abstracts: A utility-centered approach to building dependable infi 
^ George Candea, Armando Fox 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: 1 ! pdfO 03.21 A , .... 1T . .. ~ „ .. .. 

j^gj Additional Information: full citation , abst 

Achieving dependability in large scale infrastructure systems always req 
intelligent tradeoffs. This paper draws upon ideas from economics and o 
to propose a systematic approach to thinking about such tradeoffs in tern 
beneficiary's utility. The design process consists of choosing a spanning 
design space, explicitly formulating utility functions with respect to eacr 
spanning set, and then iteratively converging on the d ... 



12 Extended abstracts: Increasing smart card dependability 
Ludovic Casset, Jean-Louis Lanet 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: * B pdff67. 19 KAA ... 1T ~ + . ~ n .. 

Additional Information: mil citation , abst 

Open smart cards like Java Card provide application developers an oppo 
rapidly applications by offering the possibility to download during post i 
into the card. The main drawback with this kind of smart cards is the risl 
hostile application that may exploit a faulty implementation module of tl 
Security is always a big concern for smart cards, but the issue is getting i 
multi-applicative platforms, post issuance code do ... 
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13 Extended abstracts: High-confidence operating systems 

Radu Grosu, Erez Zadok, Scott A. Smolka, Ranee Cleaveland, Yanhong A 
July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 

beyond the PC EW10 
Publisher: ACM Press 

Full text available: Updff 89.56 A .. u . 1T . , • ~ „ ^ , , 

Additional Information: full citation , abst 

Operating systems (OSs) are among the most sophisticated software sysl 
use, and among the most expensive and time-consuming to develop and 
software must also be robust and dependable, since OS failures can resul 
that corrupt user data, endanger human lives (cf. embedded systems), or 
avenues of attack for hackers or even cyber-terrorists. 



14 Extended abstracts: Gaining and maintaining confidence in operating syste 
^ Trent Jaeger, Antony Edwards, Xiaolan Zhang 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: 1 pdf(87.33 ...... 1T , + . - , 

^gy Additional Information: full citation , abst 

Recently, there has been a lot of work in the verification of security prop 
Engler et al. use static analysis to find flaws in the implementation of Lh 
such as the failure to release locks [4]. Edwards et al. use static and dyna 
verify that the authorization hooks of the Linux Security Modules (LSM 
placed such that all the necessary authorizations are performed [2, 12]. h 
et al. and Larochelle et al. show how ... 



15 Extended abstracts: Fault tolerance and avoidance in biomedical systems 
^ Shane Stephens, Gemot Heiser 

July 2002 Proceedings of the 10th workshop on ACM SIGOPS Europe 
beyond the PC EW10 

Publisher: ACM Press 

Full text available: 1 pdf(68.44 ..... 1T . . .. v . 

Additional Information: full citation , abst 

It is important for a variety of reasons that biomedical systems execute v 
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useful approach towards error-free software is to design a range of fault 
into applications software. In addition, by restricting the behaviour of an 
requiring explicit allocation of resources such as memory, errors can be < 
application is still being written, rather than once an application has beer 
paper investigates how an operating syst ... 
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Since most control systems software is hardware-related, real-time-orien 
adaptable OSs which help program productivity and maintainability imp 
strong demand. We are developing an adaptable and extensible OS based 
and multi-server scheme: each server runs in a protected mode interactin 
messages, and could be added/extended/deleted easily. Since this OS is 1 
inter-process messaging overhead is a concern. Our implementation p ... 
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Device drivers are a very critical part of every operating system. They ol 
that is executed in interrupt handlers. During the execution of interrupt h 
processing of some other interrupts is usually disabled. Thus errors in th; 
compromise the whole system.This paper describes an approach to ensui 
handler is not allowed to use more than a specified amount of time. Our 
on a Java operating system and consists of a combination ... 
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Events are a better means of managing I/O concurrency in server softwa: 
events help avoid bugs caused by the unnecessary CPU concurrency intr 
Event-based programs also tend to have more stable performance under 
threaded programs. We argue that our libasync non-blocking I/O library 
programming convenient and evaluate extensions to the library that allo\ 
programs to take advantage of multi-processors. We conclude that e ... 
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Redundancy alone is not sufficient to provide long-term guarantees in di 
Instead, it must be coupled with mechanisms for automatic maintenance, 
show how Decentralized Object Location and Routing networks (DOLR 
provide a framework for efficient heartbeats and continuous system repa 
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With large-scale embedded systems, improvement of development effici 
most important problems. In this paper, we design and implement an em 
system, called the Lambda operating system, which improves the mainta 
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As the articles in this section attest, the future of Web services is as certa 
That is, the Web services arena is most certainly the next technological \ 
clear is what direction (of many) that wave will flow. The challenge of s< 
successfully pull all the components together is particularly daunting. 
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Microsoft has developed a language called C# ("see sharp") that it claim: 
programmers to "quickly and easily build solutions" for its new.NET pla 
language has much in common with Java, particularly in those features e 
and CS2 courses. It also includes some of the desirable features of C++ 1 
from Java as well as some new features not available in either language, 
the pros and cons of teaching CS1 and CS2 using C# instead ... 
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In this paper we introduce a novel aspect oriented implementation languj 
JAsCo is tailored for component based development and the Java Beans 
in particular. The JAsCo language introduces two concepts: aspect beans 
aspect bean describes behavior that interferes with the execution of a cor 
special kind of inner class, called a hook. The specification of a hook is ( 
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The Microsoft.NET Common Language Runtime provides a shared type 
intermediate language and dynamic execution environment for the imple 
operation of multiple source languages. In this paper we extend it with d 
parametric polymorphism (also known as generics), describing the desig 
written in an extended version of the C# programming language, and ext 
implementation by reference to a prototype extension to the runtim ... 
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Previously, techniques such as class hierarchy analysis and profile-guide 
prediction have been demonstrated to greatly improve the performance c 
written in pure object-oriented languages, but the degree to which these i 
transferable to applications written in hybrid languages has been unclear 
this question, we have developed the Vortex compiler infrastructure, a la 
optimizing compiler for object-oriented languages, with ... 
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We propose a conservative extension of the polymorphic lambda calculi] 
intermediate language for compiling languages with name-based class ai 

hierarchies. Our extension enriches standard with recursive ty] 

types, and row polymorphism, but only ordered records with no subtypir 

language on makes it also a suitable target for translation from 
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underlying infrastructure for the Microsoft .NET Framework. A key inn( 
is its support for multiple programming languages, enabling programmir 
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Understanding distributed applications is a tedious and difficult task. Vis 
on process-time diagrams are often used to obtain a better understanding 
the application. The visualization tool we use is Poet, an event tracer de\ 
University of Waterloo. However, these diagrams are often very comple: 
the user with the desired overview of the application. In our experience, 
repeated occurrences of non-trivial commun ... 
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Languages that integrate functional and logic programming with a comp 
semantics are based on narrowing, a unification-based goal-solving mecl 
subsumes the reduction principle of functional languages and the resolut 
logic languages. In this article, we present a partial evaluation scheme fo 
languages based on an automatic unfolding algorithm which builds narrc 
method is formalized within the theoretical framework est ... 
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We introduce a unified framework to describe, relate, compare, and clas; 
language implementations. The compilation process is expressed as a su< 
transformations in the common framework. At each step, different trans! 
fundamental choices. A benefit of this approach is to structure and decor 
implementation process. The correctness proofs can be tackled independ 
and amount to proving program transformations in the functi ... 
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We unify previous work on the continuation-passing style (CPS) transfo: 
generic framework based on Moggi's computational meta-language. Thii 
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corresponding administrative reductions and inverse transformations. W< 
formal connections between operational semantics and equational theorii 
properties of transformations for specific evaluation orders ... 
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An extension language is an interpreted programming language designee 
a domain-specific framework. The addition of domain-specific primitive 
embedded extension language transforms that vanilla extension languagt 
specific language. The LUxWORKS processor simulator and debugger f 
Tel as its extension language. After an overview of extension language e 
LUxWORKS experience, this paper looks at using Java reflection and ... 
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This paper presents a framework for supporting the optimization of Java 
attributes in Java class files. We show how class file attributes may be us 
optimization opportunities and profile information to a variety of Java vi 
including ahead-of-time compilers and just-in-time compilers. We preset] 
context of Soot, a framework that supports the analysis and transformatic 
(class files)[21, 25, 26]. We demonstrate the frame ... 
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The state of object-oriented is evolving rapidly. This survey describes wl 
thought to be the key ideas. Although it is necessarily incomplete, it com 
and industrial efforts and describes work in both the United States and E 
well-known ideas, like that of Coad and Meyer [34], in favor of less wid 
projects.Research in object-oriented design can be divided many ways. S 
focused on describing a design process. ... 
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The creation of reusable software components is an important part of mo 
practice. Generic templates are one technique for designing these compo 
template is a module containing algorithms which can operate on some c 
where the specific data type is not known until later in the development ] 
languages, including Ada, support this technique. In Ada, generic temph 
safe at compile time. We examine some features of Ada which al ... 
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Frameworks and domain-specific visual languages are two different reus 
first targeted at expert programmers, the second at domain experts. In fa< 
are closely related. This paper shows how to develop a domain-specific 1 
first developing a white-box framework for the domain, then turning it ii 
framework, and finally building a graphical front end for it. We used this 
compiler to specify run-time systems. 
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The object-oriented style of programming facilitates program adaptation 
program genericness, but at the expense of efficiency. We demonstrate e 
state-of-the-art Java compilers fail to compensate for the use of object-oi 
in the implementation of generic programs, and that program specializati 
significant portion of these overheads. We present an automatic program 
Java, illustrate its use through detailed case stud ... 
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The Ovm framework is a set of tools and components for building langu 
present the intermediate representation and software design patterns use( 
framework. One of the main themes in this work has been to support exp 
new linguistic constructs and implementation techniques. To this end, fr« 
components were designed to be parametric with respect to the instructic 
operate. We argue that our approach eases the task of writing new ... 
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The high cost and growing importance of interprocedural data flow anah 
increased interest in demand-driven algorithms. In this article, we presen 
framework for developing demand-driven interprocedural data flow anal 
experience in evaluating the performance of this approach. A demand fo 
information is modeled as a set of queries. The framework includes a gei 
algorithm that determines the response to query by itera ... 
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scale refinements in terms of a fundamental object-oriented technique ca 
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as extensions to the Java language). We present a spec ... 
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Consistency is a major issue that must be properly addressed when consi 
view architectures. In this paper, we provide a formal definition of views 
graphically using diagrams with multiplicities and propose a simple algo 
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more precise (intra-view and inter- view) consistency requirements. We s 
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